Dive into the world of vulnerability research

November 30, 2021

You’re curious, but taken aback by the cloud of terms to memorize, processes to follow and names to know? We’ve got you.

The discovery of a high-impact vulnerability can equal money, power, prestige or the satisfaction of averting future disaster. Hence, for every undiscovered such vulnerability, there is an implicit wacky race of highly motivated freelancers, nation-state actors, security researchers at big tech, graduate students and other players, each armed with their respective tools, expertise and preponderance of free time, all vying to be first past the post.
For these actors, there are few things more satisfying than finding a vulnerability with wide reach and crippling impact (in these modern days, one might add: wide enough reach and crippling enough impact to warrant a catchy name, a dedicated web page and an imposing logo).
This diverse supply of vulnerabilities meets a diverse demand: actors who have actual plans of what to do with a vulnerability, including some (not all) of the actors mentioned above,
will happily pay for one handsomely in lieu of doing the difficult research.

Download the full study

Who is this study for?

Anyone with at least a passing interest in the field of vulnerability research who’s taken aback by the cloud of terms to memorize, processes to follow

and names to know. No prior technical knowledge is required. This study doesn’t teach actual vulnerability research past the very basics of the basics;

if you’re looking for a text that does, go read our own “A First Introduction to Systems Exploitation”.

 

Understand the Basics:

  • Is there a “hacker mindset”?
  • Who looks for vulnerabilities, and why?
  • How do we measure how “bad” a vulnerability is?
  • What hoops and hurdles are there until a patch is finally issued?
  • In what ways can code become vulnerable?
  • What are these “Bluekeep” and “Spectre” you’ve heard of?
  • What is it like being a vulnerability researcher, and what lies in the future for this field?

 

Download the full study

 

Source: https://www.cvedetails.com/browse-by-date.php